Category Archives: SDLC

Microsoft Attack Surface Analyzer Command line option

Microsoft Attack Surface Analyzer is a useful tool for analyzing the modifications a product makes to a system. Often we need to automate this, and Microsoft provides command line options for that purpose. Usage: Attack Surface Analyzer.exe [arguments]   /Baseline <file>     …

Posted in Code review experience, SDLC, Windows

SCALMS–Source Code Auditors Log Management System

In my auditing job, I used to face a lot of issues when we work as a team. The problems we face are: 1) Work on multiple projects/products at a time. 2) When you work as a team, how do you assign an …

Posted in Code review experience, SDLC

C++ Code Audit Diary 1: STL implementation difference

STL supports value semantics. There is no support for reference semantics in the C++ STL. Even so, a few STL function templates support pass-by-reference. There is a difference in this support between MSVC and GCC. I take an example from the …

Posted in C/C++, Code review experience, SDLC, Windows VC++

Build An AppSec Training Program for Development Teams–Veracode

Recently Veracode arranged a presentation on AppSec training. It is good material to listen to. You can learn a lot of lessons on how to “push” AppSec training. Good presentation. Those who work in SDLC process implementation should …

Posted in Code review experience, SDLC